I can access that url in my browser so it obviously doesn't need any special headers. Considering I am seeing debug data at that url, I assume that the backend belongs to you.
In that case, I would imagine you're running into CORS issues if your front-end, where you have this ajax code, is on a different domain (if you are using steroids, you are definitely on a different domain as steroids by default uses http://localhost
).
Official information regarding CORS is here
Access-Control-Allow-Origin: *
should resolve your problem.
Note that you would need to set response headers at your backend, not the ajax request.
Hope that helps, let me know if you need me to expand on that or if I am mistaken with my assumptions.